Abstract: Systems (100) and methods (1000) for dynamic data storage within a network. The method comprising: receiving at least one first data file (202) comprising first data (302-320); segmenting the first data so as to form a plurality of first data segments (208); processing each of the first data segments to transform at least one first attribute of a plurality of attributes thereof so as to form a second data segment (210); storing the second data segments respectively in a plurality of different data stores (116-120); and dynamically changing physical locations where the second data segments are stored in response to an occurrence of a first trigger event. In some scenarios, the method steps may be iteratively repeated in response to one or more second trigger events (which may be the same as or different than the first trigger event).

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is manually selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: Systems (100) and methods (1000) for dynamic data storage within a network. The method comprising: receiving at least one first data file (202) comprising first data (302-320); segmenting the first data so as to form a plurality of first data segments (208); processing each of the first data segments to transform at least one first attribute of a plurality of attributes thereof so as to form a second data segment (210); storing the second data segments respectively in a plurality of different data stores (116-120); and dynamically changing physical locations where the second data segments are stored in response to an occurrence of a first trigger event. In some scenarios, the method steps may be iteratively repeated in response to one or more second trigger events (which may be the same as or different than the first trigger event).

Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is manually selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: A method and apparatus for processing data messages in a dynamic computer network is disclosed. The method includes implementing a mission plan specifying a message type, a message generation location, and a message distance vector for false messages, receiving a data message that includes a plurality of identity parameters, and determining a message type and a message distance vector for the received message. The network device is configured to generate false messages and process received messages. If the message type is a false message and the distance vector of the false message has been exhausted, the data message is dropped. If the distance vector of the false message has not been exhausted, transmitting the false message in accordance with the mission plan.

Abstract: A method and apparatus for processing data messages in a dynamic computer network is disclosed. The method includes implementing a mission plan specifying a message type, a message generation location, and a message distance vector for false messages, receiving a data message that includes a plurality of identity parameters, and determining a message type and a message distance vector for the received message. The network device is configured to generate false messages and process received messages. If the message type is a false message and the distance vector of the false message has been exhausted, the data message is dropped. If the distance vector of the false message has not been exhausted, transmitting the false message in accordance with the mission plan.

Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.

Abstract: A method and apparatus for filtering data communications in a dynamic computer network is disclosed. The method includes receiving a data packet that includes a plurality of identity parameters. The data packet is filtered by comparing the plurality of identity parameters to a set of filtering rules. The filtering rules allow the data packet into the network if a set of said identity parameters have been pseudorandomly transformed to specify false identity parameters and those false identity parameters are within a set of currently allowed false identity parameters determined based on a mission plan.